To breach or not? Profiling students' likelihood of breaching university ICT Codes of Conduct Student Profiling of Breach of ICT Codes of Conduct

Requiring users to sign commitments to follow Information and Communication Technology (ICT) Codes of Conduct is a common strategy to protect an organisation's ICT services and resources from misuse and cybersecurity threats posed by internal users. In a university context, students typically need to sign such an agreement prior to having their enrolment confirmed. Unfortunately, compliance with these codes is imperfect, posing organisational cybersecurity risks. This raises the question: can we predict which students are likely to breach these codes of conduct? To answer this question, we developed profiles to predict which students are likely to commit a code breach by collecting the responses of 260 students to five scenario-pairs (breach/non-breach) based on our university's ICT policy. The study also captured participants' demographics, moral stances, values, and cyber hygiene practices, to build predictive models of compliance towards the university's ICT policy. Our findings reveal that most students could identify breaches and appropriate uses of ICT resources. Data modelling found the strength of students' commitments to ethical principles and knowledge of their university's ICT Policy were the main predictors of a breach versus non-breach behaviours and confirmed the importance of training in ethics, increasing commitment to the institution, and improving knowledge of the ICT policy and appropriate usage of ICT resources.